[grsec] grsecurity 2.1.3 released for 2.4.29/2.6.11 *CRITICAL UPDATE FOR RBAC USERS*

[Brad Spengler]

grsecurity 2.1.3 has been released to fix a number of problems found 
during a routine audit of grsecurity. Changes in this release include 
allowed gradm -u for non-root users in a no-authentication special role, 
addition of a missing ptrace hook on amd64, fixed hidden file check that 
takes subject inheritance into account, unification of the mmap hook so 
it no longer requires a per-arch component, and the breakup of the "O" 
subject flag into "O" and "t", where "O" now means to allow writable 
library loads for the process, while "t" allows a process to ptrace any 
task. The "t" mode should be used sparingly in combination with the 
no-ptrace object flag. A bug in PaX that causes a SIGBUS in a task when 
SEGMEXEC is enabled but MPROTECT is disabled has been fixed in this 
release as well.
During the audit, a critical vulnerability was found in the RBAC system 
that effectively gave every subject the "O" flag, allowing a root user 
for instance to gain the privileges of any other process through 
LD_PRELOAD or ptrace. If you have already upgraded to 2.1.2 and use the 
RBAC system, I strongly urge you to upgrade to 2.1.3. To ensure that 
problems like this won't occur in the future, I will be developing an 
extensive regression test suite for the RBAC system similar to the one 
that exists already for non-RBAC features.

Sorry about the timing of this release, but the vuln I discovered is 
quite serious, and I'm hoping to catch the people who haven't updated 
their machines to 2.1.2 yet due to it being released over the weekend.

-Brad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://grsecurity.net/pipermail/grsecurity/attachments/20050307/b3289046/attachment.pgp